
As more businesses move their operations to the cloud, attackers are finding new ways to abuse cloud-based services. A recent report from Kaspersky Lab shows that a group of Russian hackers has been using Microsoft Azure services to break into the accounts of Microsoft 365 users.

Cozy Bear (aka APT29 and Nobelium), a state-backed Russian cyberespionage group, has been especially active in targeting Microsoft 365 accounts belonging to organisations in NATO countries in an effort to obtain foreign policy information. The group uses various methods to break into these accounts, and one of the most common is abusing legitimate Azure services with stolen credentials rather than exploiting a software vulnerability in Azure itself.

The Russian hackers have been running a phishing campaign that targets Azure Active Directory (AD) and Office 365 users. The campaign begins with an email that appears to come from Microsoft and tells the user that their account has been locked. The email links to a page that imitates the Microsoft login page but is a phishing page designed to harvest the user's credentials.

Once the attackers have the user's credentials, they can use them to sign in to the victim's Azure tenant. From there they can create a new virtual machine (VM) and use it to launch attacks against other Microsoft 365 users, or simply read the victim's Office 365 mailbox. A VM inside Azure is attractive to the attacker because its traffic originates from Microsoft's own IP space, which is far less likely to be blocked or flagged than a connection from an unfamiliar network.
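The chain described above (a phished credential used from a new address, then a VM created under that identity) leaves two log trails a defender can correlate: the Azure AD sign-in log and the Azure Activity Log. The following is an added example written for this article, not code from Mandiant or from the attackers' tooling. The log records are constructed and use a simplified subset of the real field names; the two-hour window and the per-user IP baseline are assumptions you would tune to your own tenant.

```python
"""Correlate Azure AD sign-in records with Azure Activity Log events to catch a
successful sign-in from an address the user has never used, followed shortly by
that user creating a virtual machine.

All records below are constructed for this example and use a simplified subset
of the real log schemas (field names follow the Azure AD sign-in log and the
Azure Activity Log as exported to Log Analytics)."""
from datetime import datetime, timedelta

VM_CREATE_OP = "Microsoft.Compute/virtualMachines/write"
DEFAULT_WINDOW = timedelta(hours=2)  # assumed correlation window

# Constructed sample: Azure AD sign-in log entries (errorCode 0 = success).
SIGNINS = [
    {"createdDateTime": "2022-08-10T08:02:11Z", "userPrincipalName": "j.doe@example.org",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
    {"createdDateTime": "2022-08-10T21:40:05Z", "userPrincipalName": "j.doe@example.org",
     "ipAddress": "198.51.100.77", "status": {"errorCode": 0}},
    # Failed attempt (wrong password); never counts as a compromise on its own.
    {"createdDateTime": "2022-08-10T21:41:30Z", "userPrincipalName": "a.smith@example.org",
     "ipAddress": "198.51.100.78", "status": {"errorCode": 50126}},
]

# Constructed sample: Azure Activity Log entries (control-plane operations).
ACTIVITY = [
    {"eventTimestamp": "2022-08-10T09:00:00Z", "caller": "j.doe@example.org",
     "operationName": "Microsoft.Storage/storageAccounts/listKeys/action",
     "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/stcorpdata"},
    {"eventTimestamp": "2022-08-10T22:05:44Z", "caller": "j.doe@example.org",
     "operationName": VM_CREATE_OP,
     "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-temp/providers/Microsoft.Compute/virtualMachines/vm-relay01"},
]

# Constructed baseline of addresses each user has signed in from before. In
# production, build this from 30+ days of sign-in history instead of hard-coding it.
BASELINE_IPS = {
    "j.doe@example.org": {"203.0.113.10"},
    "a.smith@example.org": {"203.0.113.11"},
}


def _ts(value: str) -> datetime:
    """Parse the UTC timestamps used in both log sources."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_suspicious_vm_creations(signins, activity, baseline, window=DEFAULT_WINDOW):
    """Return one alert per (new-IP sign-in, VM creation) pair inside `window`.

    A sign-in counts as 'new' when it succeeded and came from an IP that is not
    in the user's baseline. The correlation keys on the identity, not the IP,
    because the VM creation is a control-plane call made with the stolen token."""
    vm_events = [e for e in activity if e["operationName"] == VM_CREATE_OP]
    alerts = []
    for s in signins:
        if s["status"]["errorCode"] != 0:
            continue
        user = s["userPrincipalName"]
        if s["ipAddress"] in baseline.get(user, set()):
            continue
        t_signin = _ts(s["createdDateTime"])
        for e in vm_events:
            if e["caller"] != user:
                continue
            t_create = _ts(e["eventTimestamp"])
            if t_signin <= t_create <= t_signin + window:
                alerts.append({
                    "user": user,
                    "signin_ip": s["ipAddress"],
                    "signin_time": s["createdDateTime"],
                    "vm_resource": e["resourceId"],
                    "delay_minutes": int((t_create - t_signin).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for a in find_suspicious_vm_creations(SIGNINS, ACTIVITY, BASELINE_IPS):
        print(f"[ALERT] {a['user']} signed in from new IP {a['signin_ip']} at "
              f"{a['signin_time']} and created {a['vm_resource']} {a['delay_minutes']} min later")
```

Run against the sample data, only the evening sign-in of j.doe is flagged: it came from an address outside the baseline and was followed 25 minutes later by a VM write. The morning sign-in from a known address is ignored even though a storage key was listed afterwards, and the failed sign-in of a.smith never enters the correlation. In a real tenant the same logic runs as a scheduled query over Log Analytics, with the baseline drawn from historical sign-ins.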

This isn’t the only way Cozy Bear has abused Azure services. The group has also used AzDGDumpsterFire against Azure Storage Accounts. Rather than breaking authentication, the tool guesses the names of storage containers and then downloads their contents. A correct guess only pays off where the container can be read without credentials, or with credentials the group has already stolen, but in those cases it exposes whatever sensitive data users have stored there.
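Because a guessed container name is only useful when the container can be read without credentials, the setting to audit is anonymous (public) blob access. The following is an added example for this article, not code from the tool named above or from any vendor: it checks a simplified, constructed snapshot of storage account and container settings, modelled on the `allowBlobPublicAccess`, `allowSharedKeyAccess` and container `publicAccess` properties that `az storage account show` and `az storage container list` report. The account and container names are made up.

```python
"""Audit the Azure Storage settings that decide whether guessing a container name
pays off: anonymous (public) read access.

ACCOUNTS is constructed for this example and mirrors a simplified subset of the
JSON returned by `az storage account show` and `az storage container list`."""

PUBLIC_LEVELS = {"blob", "container"}  # values of a container's publicAccess property

# Constructed: weak settings, a half-fixed account, and a hardened one.
ACCOUNTS = [
    {"name": "stweakcorpdata", "allowBlobPublicAccess": True, "allowSharedKeyAccess": True,
     "containers": [
         {"name": "backups", "publicAccess": "container"},  # anyone can list and read blobs
         {"name": "reports", "publicAccess": "blob"},       # anyone with a blob URL can read it
         {"name": "private", "publicAccess": None},
     ]},
    {"name": "stblockedcorp", "allowBlobPublicAccess": False, "allowSharedKeyAccess": False,
     "containers": [
         {"name": "backups", "publicAccess": "container"},  # public ACL, but blocked by the account switch
     ]},
    {"name": "sthardenedcorp", "allowBlobPublicAccess": False, "allowSharedKeyAccess": False,
     "containers": [
         {"name": "backups", "publicAccess": None},
     ]},
]


def audit_storage_account(acct):
    """Return a list of findings for one account; an empty list means hardened."""
    findings = []
    # Accounts created before the switch existed defaulted to allowing public
    # access, so a missing value is treated as enabled.
    account_public = acct.get("allowBlobPublicAccess", True)
    if account_public:
        findings.append("account allows anonymous blob access (allowBlobPublicAccess=true)")
    for c in acct.get("containers", []):
        level = c.get("publicAccess")
        if level not in PUBLIC_LEVELS:
            continue
        if account_public:
            findings.append(f"container '{c['name']}' is readable anonymously (publicAccess={level})")
        else:
            # The account-level switch overrides the container ACL, so this is not
            # reachable today, but one account-level change would expose it again.
            findings.append(f"container '{c['name']}' has publicAccess={level} "
                            "(blocked at account level; reset it anyway)")
    if acct.get("allowSharedKeyAccess", True):
        findings.append("shared-key authentication is enabled; prefer Azure AD RBAC "
                        "so a leaked account key cannot be used")
    return findings


def audit_all(accounts):
    """Map each account name to its findings."""
    return {a["name"]: audit_storage_account(a) for a in accounts}


if __name__ == "__main__":
    for name, findings in audit_all(ACCOUNTS).items():
        print(f"{name}: {'OK' if not findings else ''}")
        for f in findings:
            print(f"  - {f}")
```

The weak account produces four findings, the half-fixed account one warning about a container ACL that would become live again if someone re-enabled the account switch, and the hardened account none. The account-level switch is the one to flip first, since it closes every container at once; the corresponding CLI call is `az storage account update --name <account> --allow-blob-public-access false`.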

According to Mandiant, a cyber security firm tracking Cozy Bear’s activities, the group has been using these methods to target various organisations, including government agencies, think tanks, and NGOs.

Mandiant researchers warn that the Russian group continues to demonstrate exceptional operational security to prevent analysts from discovering and exposing their attack methods.

“This campaign is ongoing and currently focused on NATO member states and entities perceived to be in conflict with Russian interests,” a Mandiant researcher said.

Cozy Bear has been active since 2008 and is best known for its sophisticated attacks against the U.S. State Department, the White House, and the Democratic National Committee during the 2016 presidential election.

While the group had been relatively quiet in recent years, it ramped up its activity in 2022 with a series of targeted attacks against high-profile organisations.

These attacks suggest that Cozy Bear is growing more brazen and confident in its ability to evade detection and carry out sophisticated cyber operations.

“It’s definitely a trend we’re seeing with Cozy Bear, and other Russian hackers as well, of increasing their operational security and becoming bolder in their actions,” said Katie Nickels, a threat intelligence analyst at FireEye.

“They’re not afraid to go after high-profile targets, and they’re not afraid to be disruptive,” she added. “They’re definitely a group to watch.”

To reduce the risk of being compromised by Cozy Bear or other state-sponsored groups, the attack chain above points to the defences that matter most: enforce phishing-resistant multi-factor authentication on Azure AD and Microsoft 365 accounts, block anonymous access to storage containers, and alert on unusual sign-ins and unexpected VM creation in your Azure subscriptions, on top of the basics of good cyber hygiene.
